Windows Password recovery software is typically used to reset, recover or remove password for Windows machines. They are in great helpf when the password is lost or forgotten, or an authorized user wants to access the account of a user that is no longer being used. These tools are often called password 'cracking' utilities because they crack the password. They can also remove or reset password depending on their functionality.
There are dozens of password recovery software applications available on the Internet, but not all of them are equally effective. Some of them have a low recovery rate; others aren't vetted by other users so they may be unsafe or contain malware; some software can even damage or delete the data you have on your computer. That's why you need to be very careful when choosing the right tool to recover your Windows password.
This article outlines ten of the best free Windows password recovery tools that we've reviewed so far in 2018. They're all well-known among Windows users, and all of them have fairly good recovery rates. Of course, since they're free, they will each have their limitations. Some may take a long time to recover or unlock your Windows password; others might have restrictions on the password length they can handle, and so on. So let's get started with our list.
Pre-Created Password Reset Disk
If you're proactive, this is probably the easiest way to recovery your Windows password for free. In order to be able to access your PC without a password, you first need to create a password reset disk from within Windows. A reset disk created this way will allow you to simply insert it into a locked PC and reset the password on the login screen. If you forgot doing this in advance, please skip this part and choose one from the rest suggestions.
Connect a USB flash drive to your PC. At the login screen, please click "Reset Password". From the next screen, please follow the screen intructions and select the disk name from the prompt. Once the disk is recognized by the comoputer, it will ask you to set a new password for that computer. Just type a new password and click "Finish". Reboot the computer and input the new password for login.
UBCD (Ultimate Boot CD) Password Recovery Software
UBCD is an useful tool when you've already forgotten your Windows password and you can't get into your user or admin account. Ultimate Boot CD, or UBCD, not only has the chntpw utility built into it to recovery passwords, but it also comes with an array of repair tools for several Windows issues. For now, we'll focus on password recovery.
Download the latest version of UBCD to a different computer, and use a free ISO burning utility like FreeISO Burner to burn the bootable media to a disk or a USB flash drive. Now insert and boot up your locked PC with the bootable UBCD disk or drive. On the boot menu, you'll see "Parted Magic"; select that and hit Enter.
On the next screen, just select the default settings to get to the Parted Magic desktop. Here, under System Tools on the bottom left of your screen, you'll see an option called "PCLoginNow ." Click on that.
Another smaller window will open and show you all the drive partitions. Select the right one, and that will display the Main Interactive Menu for the chntpw utility. Follow the on-screen instructions to choose the right user and then edit or delete that user's password. Finally, press q and Enter to quit, then y and Enter to confirm writing the registry hive to the disk. And you're done.
Windows Installation CD or DVD (Command Prompt)
You will need a Windows installation CD to use this method, as well as some experience with command line work. You don't have to be an expert, but it helps if you have some working knowledge of the process involved. Never do anything you're not comfortable doing. There are always other methods you can try from this list. But if you want to do it this way, here's how:
Boot up your PC from the Windows Install CD. Most PCs are setup to boot from the disk, but if that's not the case, simple enter the BIOS setup and change the boot order. To enter the BIOS setup, press "Del", "F2", "Esc" or key displayed during boot up. Change the boot order to "Boot from CD" and resume the boot process.
If you've done the first step properly, you will now see Options to either repair or install Windows. Choose Repair and then click on Command Prompt. At the command line, type the following:
copy c:\windows\system32\sethc.exe c:\ (Press Enter)
copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe (Press Enter)
After this, remove the installation disk and reboot your computer. On the login screen, press your Shift key 5 times in a row, and you'll be taken to the command prompt again. This time, type: net user username newpassword (replace strings as appropriate).
You should now be able to login to your PC without a password.
Offline NT Password & Registry Editor (Chntpw)
This one acts as a password remover rather than a reset program, so it works differently from Ophcrack and other similar software. The method is the same, however. All you need to do is download and burn the offline ISO file and then use the burned disk or drive to boot up your locked computer. Once the program has run, there won't be any password when you login to your Windows user or admin account. More detailed tutorial can be found in here.
Be warned that this program requires some command line work that could be hard for someone with no experience. The initial process is the same as the previous two applications except for the command line inputs. If you're not comfortable with this, don't use this method.
Ophcrack Windows Password Recovery Software
Ophcrack is one of the better-known password recovery programs. It's open-source, so you have to be careful what version you pick. Ophcrack Live CD is a bootable version of the original software, but it's not a physical CD. You will need to burn it on to a USB drive or DVD as a password reset disk.
To use Ophcrack Live CD, go to the website and download the appropriate version for the Windows machine you want to unlock. This process will need to be done on a different PC, of course, since you can't access yours. But don't worry about the OS version of the computer you use to create the reset disk.
Once you create the disk or drive, insert that into your locked PC and boot it up. Now wait for the Ophcrack menu to appear. Since the media is bootable, it contains all the OS and other information that you need to reset the password. If you don't change anything, Ophcrack will automatically start to reset the password after a few seconds. If you did everything right, you'll be able to access your account with a recovered password.
LCP Windows Password Cracker
To use this powerful password audit and cracking tool, you might need to first boot your PC from a Live CD. Once you have done that, you can use LCP to import the password hashes from the SAM (Security Account Manager) file, which is typically found here: C:/Windows/System32/Config
Download and unzip the portable version of LCP and open the program. Under Import, choose "Import from SAM File". You may need to locate the SAM file, but on that window make sure that the "Additional encryption is used" checkbox is unchecked when you click "Ok".
The program will now display the hashes with user names. Now click on the right arrowhead button (play button) to start the password cracking process. Your recovered password will appear against the corresponding username under the NT Password column. Note down the password and then reboot your PC normally and login using that password.
John the Ripper
John the Ripper is another powerful utility to crack password hashes. Obviously, that means you need to extract the hashes from the SAM file with a different tool before you can use John the Ripper to crack the password that you want. Use the Live CD method as with LCP, then use a freeware utility like PwDump7. Once you've downloaded the app and unzipped it, go to the command line (Administrator), navigate to the directory where you unzipped the app, and then type in the following:
PwDump7.exe > d:\hash.txt
What this does is to allow the extraction app to grab the hashes from the SAM file and save them as a text file. Now download and unzip the Windows binaries for John the Ripper, then on the command prompt, navigate to that directory and type in the following:
john --format=LM d:\hash.txt
You should be able to see the recovered password displayed in the command prompt. Boot up your PC as usual and enter with that password.
Lazesoft Recovery My Password Free Edition
Lazesoft Recovery My Password follows the password reset disk tricks to bypass the security; but everything is done on what they call the "host Windows" PC. Since your PC is locked, you will need to download the software on the host PC or a different Windows installation on the same PC in order to prepare the reset disk.
Download the application, select the OS version of the target (locked PC) on the interface and select "Reset Local Password". Click on "Next". Now choose the user account and account properties, and click on "Next". Finally, select Reset/Unlock and click on "Finished."
Now insert the disk into the target PC or the drive where the target Windows installation is, and it should boot up without a password requirement.
Mimikatz is an open-source tool to get Windows credentials such as passwords. While it doesn't actually remove or reset a password, it's great if you simply want to recover it. You can either access the GitHub repository or download the binaries directly. You can also build your own release with MS Visual Studio.
Once you have downloaded or built Mimikatz, run it as an administrator and create the log by simply using the "log" command. This starts the logging process and will create the Mimikatz.log file. When you first run Mimikatz, this is where all the communication (I/O) will be kept. Now you need debug privilege, for which the command is privilege::debug
To see the clear text passwords, you need this command - sekurlsa::logonpasswords
You will now be able to see the password in clear text as well as NTLM. Unless you're familiar with such tools, it might not be a good idea to play around. Be sure this is the method you want to use before trying it out.
Another powerful password recovery utility is Hash Suite. As with other password crackers, this tool does not attempt to "invert" the hashes, which is often impossible. Instead, it generates keys or candidate passwords, hashes those and then compares those hashes with the actual password hashes on the target computer. Two things make this a powerful tool: the fact that Windows uses rapidly computable password hash functions, and that users tend to choose easy-to-remember passwords. That should be a warning to Windows users.
After downloading an unzipping the .exe file, run the program. You'll see a welcome window where you need to click "OK" or press "Enter". The initial step is to benchmark the hardware. This will take about 10-12 minutes, but you can stop the benchmark whenever you like.
The next step is to acquire some quality word lists via the Hash Suite Downloader (press alt+d+h). Next, you will need to extract the hashes. This has been described in the LCP recovery process above. After this, the NTLM hashes need to be selected and the attacks can be started. Note: You may need to try multiple attacks to finally crack the password for your user or admin account.
As you can see, there are a variety of software applications and programs that you can use to recover passwords. Some of them are a little harder to use than others, but all of them are extremely popular and are being actively used by millions of Windows users around the world. All of these five utilities have their advantages and disadvantages, as you just saw. Some of them are fast, but complex. Others are simple, but limited by functionality. Depending on your exact situation, however, you should be able to choose at least one that works for you.